#![cfg_attr(not(feature = "std"), no_std)]

//! # Umbrella feeds
//!
//! Main contract for all on-chain data.
//!
//! ATTENTION: Keep the `upgradeNatively`/`unregister` entry points in this contract at all times and make sure their logic can be
//! executed successfully via an invoke to the `atomicUpdate` entry point in the `registry` contract. Otherwise, you will not be able to
//! natively upgrade this contract via the `registry` contract anymore.
use concordium_std::*;
use core::fmt::Debug;

#[derive(Serialize, SchemaType, Copy, Clone, Debug, PartialOrd, Ord, PartialEq, Eq)]
pub struct PriceData {
    /// This is a placeholder, that can be used for some additional data.
    pub data: u8,
    /// The heartbeat specifies the interval in seconds that the price data will be refreshed in case the price stays flat.
    /// ATTENTION: u64 is used here instead of u24 (different from the original solidity smart contracts).
    pub heartbeat: u64,
    /// It is the time the validators run consensus to decide on the price data.
    pub timestamp: Timestamp,
    /// The relative price.
    pub price: u128,
}

#[derive(Serial, DeserialWithState)]
#[concordium(state_parameter = "S")]
struct State<S> {
    /// Contract deployment time.
    deployed_at: Timestamp,
    /// Registry contract where the list of all addresses of this protocol is stored.
    registry: ContractAddress,
    /// StakingBank contract where list of validators is stored.
    staking_bank: ContractAddress,
    /// Minimal number of signatures required for accepting price submission (Proof-of-Authority = PoA).
    required_signatures: u16,
    /// Decimals for prices stored in this contract.
    decimals: u8,
    /// Map of all prices stored in this contract. It maps from the key to PriceData. The key for the map is the string of the feed name.
    /// E.g. for the "ETH-USDC" feed, the key will be "ETH-USDC".
    prices: StateMap<String, PriceData, S>,
}

/// All smart contract errors.
#[derive(Debug, PartialEq, Eq, Reject, Serial, SchemaType)]
enum CustomContractError {
    /// Failed to parse the parameter.
    #[from(ParseError)]
    ParseParams, // -1
    /// Failed to log because the log is full.
    LogFull, // -2
    /// Failed to log because the log is malformed.
    LogMalformed, // -3
    /// Failed to invoke a contract.
    InvokeContractError, // -4
    /// Failed to provide enough signatures.
    InvalidRequiredSignatures, // -5
    /// Failed to because the data is outdated.
    OldData, // -6
    /// Failed because it is the wrong contract.
    WrongContract, // -7
    /// Failed because the signature is outdated.
    Expired, // -8
    /// Failed because the feed does not exist.
    FeedNotExist, // -9
    /// Failed because of unauthorized invoke of the entry point.
    Unauthorized, // -10
    /// Upgrade failed because the new module does not exist.
    FailedUpgradeMissingModule, // -11
    /// Upgrade failed because the new module does not contain a contract with a
    /// matching name.
    FailedUpgradeMissingContract, // -12
    /// Upgrade failed because the smart contract version of the module is not
    /// supported.
    FailedUpgradeUnsupportedModuleVersion, // -13
    /// Failed to verify signature because data was malformed.
    MalformedData, // -14
    /// Failed signature verification because of an invalid signature.
    WrongSignature, // -15
    /// Failed because the account is missing on the chain.
    MissingAccount, // -16
    /// Failed because not enough signatures were provided.
    NotEnoughSignatures, // -17
    /// Failed because the signatures are not in order.
    SignaturesOutOfOrder, // -18
    /// Failed because one of the given signers is not a validator.
    InvalidSigner, // -19
}

/// Mapping errors related to logging to CustomContractError.
impl From<LogError> for CustomContractError {
    fn from(le: LogError) -> Self {
        match le {
            LogError::Full => Self::LogFull,
            LogError::Malformed => Self::LogMalformed,
        }
    }
}

/// Mapping account signature error to CustomContractError
impl From<CheckAccountSignatureError> for CustomContractError {
    fn from(e: CheckAccountSignatureError) -> Self {
        match e {
            CheckAccountSignatureError::MissingAccount => Self::MissingAccount,
            CheckAccountSignatureError::MalformedData => Self::MalformedData,
        }
    }
}

/// Mapping errors related to contract invocations to CustomContractError.
impl<T> From<CallContractError<T>> for CustomContractError {
    fn from(_cce: CallContractError<T>) -> Self {
        Self::InvokeContractError
    }
}

/// Mapping errors related to contract upgrades to CustomContractError.
impl From<UpgradeError> for CustomContractError {
    #[inline(always)]
    fn from(ue: UpgradeError) -> Self {
        match ue {
            UpgradeError::MissingModule => Self::FailedUpgradeMissingModule,
            UpgradeError::MissingContract => Self::FailedUpgradeMissingContract,
            UpgradeError::UnsupportedModuleVersion => Self::FailedUpgradeUnsupportedModuleVersion,
        }
    }
}

/// The parameter type for the contract init function.
#[derive(Debug, Serialize, SchemaType)]
pub struct InitParamsUmbrellaFeeds {
    pub registry: ContractAddress,
    pub required_signatures: u16,
    pub staking_bank: ContractAddress,
    pub decimals: u8,
}

/// Init function that creates a new smart contract.
#[init(contract = "umbrella_feeds", parameter = "InitParamsUmbrellaFeeds")]
fn init<S: HasStateApi>(
    ctx: &impl HasInitContext,
    state_builder: &mut StateBuilder<S>,
) -> InitResult<State<S>> {
    let param: InitParamsUmbrellaFeeds = ctx.parameter_cursor().get()?;

    ensure!(
        param.required_signatures != 0,
        CustomContractError::InvalidRequiredSignatures.into()
    );

    Ok(State {
        deployed_at: ctx.metadata().block_time(),
        registry: param.registry,
        staking_bank: param.staking_bank,
        required_signatures: param.required_signatures,
        decimals: param.decimals,
        prices: state_builder.new_map(),
    })
}

/// The parameter type for the contract function `upgradeNatively`.
/// Takes the new module and optionally an entrypoint to call in the new module
/// after triggering the upgrade. The upgrade is reverted if the entrypoint invoke
/// fails. This is useful for doing migration in the same transaction triggering
/// the upgrade.
#[derive(Debug, Serialize, SchemaType)]
pub struct UpgradeParams {
    /// The new module reference.
    pub module: ModuleReference,
    /// Optional entrypoint to call in the new module after upgrade.
    pub migrate: Option<(OwnedEntrypointName, OwnedParameter)>,
}

/// This function is a hook function intended to be invoked via the `atomicUpdate` function in the registry contract.
/// This function upgrades this smart contract instance to a new module and calls optionally a
/// migration function after the upgrade.
///
/// It rejects if:
/// - Sender is not the registry contract instance.
/// - It fails to parse the parameter.
/// - If the upgrade fails.
/// - If the migration invoke fails.
///
/// This function is marked as `low_level`. This is **necessary** since the
/// high-level mutable functions store the state of the contract at the end of
/// execution. This conflicts with migration since the shape of the state
/// **might** be changed by the migration function. If the state is then written
/// by this function it would overwrite the state stored by the migration
/// function.
#[receive(
    contract = "umbrella_feeds",
    name = "upgradeNatively",
    parameter = "UpgradeParams",
    error = "CustomContractError",
    low_level
)]
fn upgrade_natively<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &mut impl HasHost<S>,
) -> Result<(), CustomContractError> {
    // Read the top-level contract state.
    let state: State<S> = host.state().read_root()?;

    // Only the registry can upgrade this contract.
    ensure!(
        ctx.sender().matches_contract(&state.registry),
        CustomContractError::Unauthorized
    );

    // Parse the parameter.
    let param: UpgradeParams = ctx.parameter_cursor().get()?;

    // Trigger the upgrade.
    host.upgrade(param.module)?;

    // Call the migration function if provided.
    if let Some((func, parameters)) = param.migrate {
        host.invoke_contract_raw(
            &ctx.self_address(),
            parameters.as_parameter(),
            func.as_entrypoint_name(),
            Amount::zero(),
        )?;
    }

    Ok(())
}

/// Migration function that has to be called as part of the `upgradeNatively` invoke.
/// This function updates the staking bank contract to the up-to-date value from the registry.
///
/// It rejects if:
/// - Sender is not this smart contract instance.
/// - It fails to read the state root.
/// - The invoke to the regisry contract fails.
#[receive(
    contract = "umbrella_feeds",
    name = "migration",
    error = "CustomContractError",
    low_level
)]
fn contract_migration<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &mut impl HasHost<S>,
) -> Result<(), CustomContractError> {
    // Check that only this contract instance can call this function.
    ensure!(
        ctx.sender().matches_contract(&ctx.self_address()),
        CustomContractError::Unauthorized
    );

    // Read the top-level contract state.
    let mut state: State<S> = host.state().read_root()?;

    // Query the up-to-date staking_bank contract address from the registry.
    let new_staking_bank = host.invoke_contract_read_only::<String>(
        &state.registry,
        &"StakingBank".to_string(),
        EntrypointName::new_unchecked("getAddress"),
        Amount::zero(),
    )?;

    let new_staking_bank: ContractAddress = new_staking_bank
        .ok_or(CustomContractError::InvokeContractError)?
        .get()?;

    // Update staking bank in state.
    state.staking_bank = new_staking_bank;

    host.state_mut().write_root(&state);
    host.commit_state();

    Ok(())
}

/// Part of the parameter type for the contract function `update`.
/// Specifies the message that is signed.
#[derive(SchemaType, Serialize, Clone)]
pub struct Message {
    /// The contract_address that the signature is intended for.
    pub contract_address: ContractAddress,
    /// A timestamp to make signatures expire.
    pub timestamp: Timestamp,
    /// The price feed.
    pub price_feed: Vec<(String, PriceData)>,
}

/// The parameter type for the contract function `update` and `view_message_hash`.
/// Takes a vector of signers and signatures, and the message that was signed.
#[derive(Serialize, SchemaType)]
pub struct UpdateParams {
    /// Signers and signatures.
    pub signers_and_signatures: Vec<(PublicKeyEd25519, SignatureEd25519)>,
    /// Message that was signed.
    pub message: Message,
}

/// The `UpdateParamsPartial` parameter type is used in the `view_message_hash` function.
/// The input parameter of the `view_message_hash` function is `UpdateParams` but we only read the initial part of it
/// with this `UpdateParamsPartial` parameter. I.e. we read the `signatures` and the
/// `signers`, but not the `message`. This allows us to read purely the `message` later and operate on the `message` bytes.
#[derive(Serialize)]
#[concordium(transparent)]
pub struct UpdateParamsPartial {
    /// Signers and signatures.
    pub signers_and_signatures: Vec<(PublicKeyEd25519, SignatureEd25519)>,
}

/// Helper function to calculate the `message_hash`.
#[receive(
    contract = "umbrella_feeds",
    name = "viewMessageHash",
    parameter = "UpdateParams",
    return_value = "HashSha2256",
    crypto_primitives,
    mutable
)]
fn view_message_hash<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    _host: &mut impl HasHost<State<S>, StateApiType = S>,
    crypto_primitives: &impl HasCryptoPrimitives,
) -> Result<HashSha2256, CustomContractError> {
    // Parse the parameter.
    let mut cursor = ctx.parameter_cursor();
    // The input parameter is `UpdateParams` but we only read the initial part of it
    // with `UpdateParamsPartial`. I.e. we read the `signatures` and the
    // `signers`, but not the `message` here.
    let _param: UpdateParamsPartial = cursor.get()?;

    // The input parameter is `UpdateParams` but we have only read the initial part
    // of it with `UpdateParamsPartial` so far. We read in the `message` now.
    // `(cursor.size() - cursor.cursor_position())` is the length of the message in
    // bytes.
    let mut message_bytes = vec![0; (cursor.size() - cursor.cursor_position()) as usize];

    cursor.read_exact(&mut message_bytes)?;

    let message_hash = crypto_primitives.hash_sha2_256(&message_bytes).0;

    Ok(HashSha2256(message_hash))
}

/// Helper function to verify the signature.
/// This function throws if the signatures are not valid.
#[receive(
    contract = "umbrella_feeds",
    name = "verifySignatures",
    parameter = "UpdateParams",
    crypto_primitives,
    mutable
)]
fn verify_signatures<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &mut impl HasHost<State<S>, StateApiType = S>,
    crypto_primitives: &impl HasCryptoPrimitives,
) -> Result<(), CustomContractError> {
    let param: UpdateParams = ctx.parameter_cursor().get()?;

    ensure!(
        param.signers_and_signatures.len() >= host.state().required_signatures as usize,
        CustomContractError::NotEnoughSignatures
    );

    let mut prev_signer: Option<PublicKeyEd25519> = None;

    let message_hash = view_message_hash(ctx, host, crypto_primitives)?;

    let required_signatures = host.state().required_signatures;

    let mut validators: Vec<PublicKeyEd25519> = Vec::with_capacity(required_signatures as usize);

    // To save gas we check only the required number of signatures.
    // The case, where you can have part of signatures invalid but still enough valid in total is not supported.
    // We want to record all validators who submit (valid) signatures in a trustless/transparent way
    // in the smart contract (to e.g. reward off-chain all validators for good behavior) that is why the smart contract allows submitting more signatures than the `required_signatures` here.
    for i in 0..required_signatures {
        let signer = param.signers_and_signatures[i as usize].0;
        let signature = param.signers_and_signatures[i as usize].1;

        //Check signature.
        let valid_signature =
            crypto_primitives.verify_ed25519_signature(signer, signature, &message_hash.0);

        ensure!(valid_signature, CustomContractError::WrongSignature);

        ensure!(
            prev_signer < Some(signer),
            CustomContractError::SignaturesOutOfOrder
        );

        validators.push(signer);

        prev_signer = Some(signer);
    }

    let are_valid_signers = host.invoke_contract_read_only::<Vec<PublicKeyEd25519>>(
        &host.state().staking_bank,
        &validators,
        EntrypointName::new_unchecked("verifyValidators"),
        Amount::zero(),
    )?;

    let are_valid_signers: bool = are_valid_signers
        .ok_or(CustomContractError::InvokeContractError)?
        .get()?;

    ensure!(are_valid_signers, CustomContractError::InvalidSigner);

    Ok(())
}

#[receive(
    contract = "umbrella_feeds",
    name = "update",
    parameter = "UpdateParams",
    error = "CustomContractError",
    crypto_primitives,
    mutable
)]
fn update<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &mut impl HasHost<State<S>, StateApiType = S>,
    crypto_primitives: &impl HasCryptoPrimitives,
) -> Result<(), CustomContractError> {
    let param: UpdateParams = ctx.parameter_cursor().get()?;

    let message = param.message;

    // Check that the signature was intended for this contract.
    ensure_eq!(
        message.contract_address,
        ctx.self_address(),
        CustomContractError::WrongContract
    );

    // Check signature is not expired.
    ensure!(
        message.timestamp > ctx.metadata().slot_time(),
        CustomContractError::Expired
    );

    verify_signatures(ctx, host, crypto_primitives)?;

    for element in message.price_feed {
        let price_key: String = element.0;
        let new_price_data: PriceData = element.1;

        let stored_price_data = host.state_mut().prices.entry(price_key);

        match stored_price_data {
            Entry::Occupied(mut oe) => {
                // We do not allow for older prices.
                // This prevents replay attacks by preventing reusing of signatures at the same time.
                ensure!(
                    oe.timestamp < new_price_data.timestamp,
                    CustomContractError::OldData
                );
                *oe = new_price_data;
            }
            Entry::Vacant(ve) => {
                ve.insert(new_price_data);
            }
        }
    }

    Ok(())
}

/// View function that returns the key/name of this contract.
#[receive(contract = "umbrella_feeds", name = "getName", return_value = "String")]
fn get_name<S: HasStateApi>(
    _ctx: &impl HasReceiveContext,
    _host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<&'static str> {
    Ok("UmbrellaFeeds")
}

/// View function that returns many price data. It throws if price feed does not exist.
#[receive(
    contract = "umbrella_feeds",
    name = "getManyPriceData",
    parameter = "Vec<String>",
    return_value = "Vec<PriceData>"
)]
fn get_many_price_data<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<Vec<PriceData>> {
    let keys: Vec<String> = ctx.parameter_cursor().get()?;

    let mut price_data = Vec::with_capacity(keys.len());

    for key in keys {
        price_data.push(
            *host
                .state()
                .prices
                .get(&key)
                .ok_or(CustomContractError::FeedNotExist)?,
        );
    }

    Ok(price_data)
}

/// View function that returns many price data. In contrast to the `getManyPriceData`,
/// this function returns `None` instead of an Error when a price feed
/// does not exist. This function can be used if reverting the transaction
/// on non-existing price-feed is not desired.
#[receive(
    contract = "umbrella_feeds",
    name = "getManyPriceDataRaw",
    parameter = "Vec<String>",
    return_value = "Vec<Option<PriceData>>"
)]
fn get_many_price_data_raw<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<Vec<Option<PriceData>>> {
    let keys: Vec<String> = ctx.parameter_cursor().get()?;

    let mut price_data = Vec::with_capacity(keys.len());

    for key in keys {
        price_data.push(host.state().prices.get(&key).map(|price_data| *price_data));
    }

    Ok(price_data)
}

/// View function that returns the price data of one price feed. It throws if the price feed does not exist.
#[receive(
    contract = "umbrella_feeds",
    name = "getPriceData",
    parameter = "String",
    return_value = "PriceData"
)]
fn get_price_data<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<PriceData> {
    let key: String = ctx.parameter_cursor().get()?;

    let price_data = *host
        .state()
        .prices
        .get(&key)
        .ok_or(CustomContractError::FeedNotExist)?;

    Ok(price_data)
}

/// View function that returns the price of one price feed.
#[receive(
    contract = "umbrella_feeds",
    name = "getPrice",
    parameter = "String",
    return_value = "u128"
)]
fn get_price<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<u128> {
    let key: String = ctx.parameter_cursor().get()?;

    let price_data = *host
        .state()
        .prices
        .get(&key)
        .ok_or(CustomContractError::FeedNotExist)?;

    Ok(price_data.price)
}

/// View function that returns the time stamp of one price feed.
#[receive(
    contract = "umbrella_feeds",
    name = "getPriceTimestamp",
    parameter = "String",
    return_value = "Timestamp"
)]
fn get_price_timestamp<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<Timestamp> {
    let key: String = ctx.parameter_cursor().get()?;

    let price_data = *host
        .state()
        .prices
        .get(&key)
        .ok_or(CustomContractError::FeedNotExist)?;

    Ok(price_data.timestamp)
}

/// The return_value type for the contract function `getPriceTimestampHeartbeat`.
/// It is a struct containing the three values `price`, `timestamp`, and `heartbeat`.
#[derive(SchemaType, Serial, Deserial, Debug, PartialEq, Eq)]
pub struct SchemTypeTripleWrapper {
    /// The relative price.
    pub price: u128,
    /// It is the time the validators run consensus to decide on the price data.
    pub timestamp: Timestamp,
    /// The heartbeat specifies the interval in seconds that the price data will be refreshed in case the price stays flat.
    pub heartbeat: u64,
}

/// View function that returns the price, timestamp, and heartbeat of one price feed.
#[receive(
    contract = "umbrella_feeds",
    name = "getPriceTimestampHeartbeat",
    parameter = "String",
    return_value = "SchemTypeTripleWrapper"
)]
fn get_price_timestamp_heartbeat<S: HasStateApi>(
    ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<SchemTypeTripleWrapper> {
    let key: String = ctx.parameter_cursor().get()?;

    let price_data = *host
        .state()
        .prices
        .get(&key)
        .ok_or(CustomContractError::FeedNotExist)?;

    Ok(SchemTypeTripleWrapper {
        price: price_data.price,
        timestamp: price_data.timestamp,
        heartbeat: price_data.heartbeat,
    })
}

/// View function that returns the decimals value.
#[receive(contract = "umbrella_feeds", name = "DECIMALS", return_value = "u8")]
fn decimals<S: HasStateApi>(
    _ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<u8> {
    Ok(host.state().decimals)
}

/// View function that returns the required signatures.
#[receive(
    contract = "umbrella_feeds",
    name = "requiredSignatures",
    return_value = "u16"
)]
fn required_signatures<S: HasStateApi>(
    _ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<u16> {
    Ok(host.state().required_signatures)
}

/// The return_parameter type for the `viewContractSetup` function.
#[derive(Debug, Serialize, SchemaType, PartialEq, Eq)]
pub struct ContractSetup {
    /// Contract deployment time.
    pub deployed_at: Timestamp,
    /// Registry contract where the list of all addresses of this protocol is stored.
    pub registry: ContractAddress,
    /// StakingBank contract where the list of all validators is stored.
    pub staking_bank: ContractAddress,
}

/// View function that returns the `deployed_at`, `registry`, and `staking_bank` values from the state.
#[receive(
    contract = "umbrella_feeds",
    name = "viewContractSetup",
    return_value = "ContractSetup"
)]
fn view_contract_setup<S: HasStateApi>(
    _ctx: &impl HasReceiveContext,
    host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<ContractSetup> {
    Ok(ContractSetup {
        deployed_at: host.state().deployed_at,
        registry: host.state().registry,
        staking_bank: host.state().staking_bank,
    })
}

/// Hook function to enable `atomicUpdate` via the registry contract.
#[receive(contract = "umbrella_feeds", name = "unregister")]
fn unregister<S: HasStateApi>(
    _ctx: &impl HasReceiveContext,
    _host: &impl HasHost<State<S>, StateApiType = S>,
) -> ReceiveResult<()> {
    Ok(())
}